A flaw was found in Undertow, where the servlet container normalizes the servletPath incorrectly by truncating the path after the semicolon. The truncated path may lead to application mapping, resulting in a security bypass.
The issue can be mitigated by setting "alwaysUseFullPath" on UrlPathHelper, which configures it to ignore the servletPath.
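
The mitigation above, as it could be applied in a Spring MVC application. This is an added example, not code from the advisory: it assumes the application resolves handler mappings through Spring's `UrlPathHelper` and is configured with a `WebMvcConfigurer`, and the class name `FullPathMatchingConfig` is hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.PathMatchConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.util.UrlPathHelper;

// Hypothetical configuration class; only the UrlPathHelper setting is the
// mitigation named in the advisory.
@Configuration
public class FullPathMatchingConfig implements WebMvcConfigurer {

    @Override
    public void configurePathMatch(PathMatchConfigurer configurer) {
        UrlPathHelper helper = new UrlPathHelper();

        // Default is false: the lookup path is derived with the help of
        // HttpServletRequest.getServletPath(), the value the container
        // truncates after the semicolon.
        //
        // With true, the lookup path is taken from the request URI relative
        // to the context path, so the container-supplied servletPath no
        // longer takes part in handler mapping.
        helper.setAlwaysUseFullPath(true);

        configurer.setUrlPathHelper(helper);
    }
}
```

With this setting, patterns are matched against the full path within the web application, so if the DispatcherServlet is mapped under a prefix rather than at `/`, handler mappings have to include that prefix. Any other component that builds its own `UrlPathHelper` for access decisions needs the same setting to resolve paths consistently.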